Nightwatch Cybersecurity Research

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-12-05 **Description** The issue is related to the GPS component and is caused by insufficient access control. It allows remote attackers to cause a denial of service, specifically a GPS signal-acquisition delay, by using an incorrect `xtra.bin` or `xtra2.bin` file on a spoofed Qualcomm `gpsonextra.net` or `izatcloud.net` host. **Recommendations** For Android versions prior to 2016-12-05, update to a version released after 2016-12-05 to resolve the issue. As a temporary workaround, consider restricting access to the GPS component to minimize the risk of exploitation. Avoid using the `xtra.bin` or `xtra2.bin` files from untrusted sources, especially on spoofed hosts.